Systems and methods for tiered network slice design and management in a wireless network

ABSTRACT

A system may provide for the design and/or modification of network slices associated with a wireless network. The wireless network may include different slices that are associated different sets of service parameters. Slices may include radio access networks (“RANs”), core networks, or other types of networks, which may include respective sets of network functions (“NFs”), which may perform specific functions with respect to a given RAN and/or core network. Different slices, RANs, core networks, and/or NFs may be associated with particular policies and/or tags which may be specified by one or more users associated with a first access level. One or more users associated with a second access level may configure portions of the wireless network, and the policies and/or tags associated with particular slices, RANs, core networks, or NFs may be automatically implemented by an orchestration system that configures the wireless network based on the provided configuration information.

BACKGROUND

Wireless networks may offer services to User Equipment (“UEs”), such asvoice services, data services, or the like. Wireless networks may offerdifferentiated services, such as different types of services, serviceswith different Quality of Service (“QoS”) parameters, etc. via different“slices.” A given slice may include or may be implemented by discretehardware and/or logical network functions via which a UE may receivenetwork service according to a particular set of parameters.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 illustrates an example arrangement of different tiers of awireless network;

FIG. 2 illustrates an example overview of one or more embodimentsdescribed herein;

FIGS. 3A-3D illustrate example data structures that may include policyand/or tag information associated with one or more users and/or portionsof the wireless network, in accordance with some embodiments;

FIGS. 4A and 4B illustrate an example configuration of the wirelessnetwork based on configuration parameters provided by a user associatedwith a particular access level, in accordance with some embodiments;

FIG. 5 illustrates an example process for configuring the wirelessnetwork based on configuration parameters provided by a user associatedwith a particular access level, in accordance with some embodiments;

FIG. 6 illustrates an example environment in which one or moreembodiments, described herein, may be implemented;

FIG. 7 illustrates an example arrangement of a radio access network(“RAN”), in accordance with some embodiments; and

FIG. 8 illustrates example components of one or more devices, inaccordance with one or more embodiments described herein.

DETAILED DESCRIPTION OF EXAMPLE EMBODIMENTS

The following detailed description refers to the accompanying drawings.The same reference numbers in different drawings may identify the sameor similar elements.

Embodiments described herein provide for the design and/or modificationof network slices associated with a wireless network at multiple levelsor tiers. For example, as shown in FIG. 1 , a “higher” tier (e.g.,referred to herein as “tier 1”) may be associated with an “end-to-end”level or a “slice” level. Thus, the wireless network may includemultiple different slices 101, that are each associated with adifferentiated set of service parameters (e.g., different QoSparameters, different application parameters, different service types,etc.). Another tier (e.g., referred to herein as “tier 2”), in someembodiments, may be associated with a “network” level. This tier mayinclude, for example, one or more radio access networks (“RANs”) 103,core networks 105, and/or other types of networks. Further, another tier(e.g., referred to herein as “tier 3”) may be associated with networkfunctions (“NFs”), which may perform specific functions with respect toa given RAN 103 and/or core network 105. For example, a particular RAN103 may include a first set of NFs 107, and a particular core network105 may include a second set of NFs 107. Similarly, different RANs 103may include different respective sets of NFs 107, and different corenetworks 105 may include different respective sets of NFs 107. As such,a given slice 101 may include one or more RANs 103 and/or core networks105. Further, a given RAN 103 may include a set of NFs 107, and a givencore network 105 may include a set of NFs 107.

For example, as shown in FIG. 2 , wireless network may include exampleslices 101-1, 101-2, and 101-3. Slice 101-1 may be associated with afirst set of service parameters, slice 101-2 may be associated with asecond set of service parameters, and slice 101-3 may be associated witha third set of service parameters. For example, slices 101-1, 101-2, and101-3 may be associated with different QoS parameters, different trafficor service types (e.g., voice, data, streaming, etc.), different usergroups or categories (e.g., users or devices associated with differentorganizations), different device types or categories (e.g., mobiletelephones, Internet of Things (“IoT”) devices, autonomous vehicles,etc.), and/or other types of service parameters. Slice 101-1 may also beassociated with RAN 103-1 and core network 105-1; slice 101-2 may alsobe associated with RAN 103-2 and core network 105-2; and slice 101-3 mayalso be associated with RAN 103-3 and core network 105-3. For example,RANs 103 may each include a respective RAN or type of RAN, such as aLong-Term Evolution (“LTE”) RAN, a Fifth Generation (“5G”) RAN, anunlicensed (e.g., WiFi) RAN, or some other type of RAN. In someembodiments, different RANs may implement different radio accesstechnologies (“RATs”) and/or architectures such as one or more or more5G RATs (e.g., ultra-wideband, millimeter-wave, etc.), LTE RATs, ThirdGeneration (“3G”) RATs, 5G standalone architecture, 5G non-standalone(“NSA”) architecture, etc.

Core networks 105 may include a respective core network or type of corenetwork, such as an Evolved Packet Core (“EPC”), a 5G Core (“5GC”), ahybrid EPC/5GC, and/or some other type of core network. NFs 107 mayinclude suitable NFs used to implement a given RAN 103 and/or corenetwork 105, such as a Next Generation Node B (“gNB”), an evolved Node B(“eNB”), an Access and Mobility Management Function (“AMF”), a MobilityManagement Entity (“MME”), a User Plane Function (“UPF”), a Packet DataNetwork (“PDN”) Gateway (“PGW”), and/or other types of NFs.

As noted above, slices 101 may be at a first tier, RANs 103 and/or corenetworks 105 may be at a second tier, and NFs 107 may be at a thirdtier. In some embodiments, a given slice 101 may include multiple RANs103 and/or multiple core networks 105, such as a slice 101 that isassociated with multiple RANs 103 that implement multiple different RATsand/or multiple core networks 105 that implement multiple different corenetwork technologies. In some embodiments, two different slices 101 mayimplement the same types of RANs 103 and/or core networks 105, but withdifferent service parameters (e.g., different QoS parameters, differentgroups of UEs, etc.).

In some embodiments, slices 101, networks 103 and/or 105, and/or NFs 107may be configured by, or with the assistance of, Slice OrchestrationSystem (“SOS”) 203. For example, slices 101, networks 103 and/or 105,and/or NFs 107 may include or may be implemented by one or moreSoftware-Defined Networks (“SDNs”), in which different network devicesor systems may be dynamically configured in a containerized environmentwhich may include one or more virtual machines, cloud computing systems,datacenters, servers, or the like. SOS 203 and the devices or systemsthat implement slices 101, networks 103 and/or 105, and/or NFs 107 mayimplement a suitable application programming interface (“API”) orprotocol, such as the open-source Kubernetes API or some other API orprotocol, via which SOS 203 may instantiate, provision, install,configure, etc. one or more instances of slices 101, networks 103 and/or105, and/or NFs 107 on the devices or systems. For example, SOS 203 mayreceive commands, instructions, etc. from one or more managementworkstations 205, which may be accessed by network operators, designers,technicians, administrators, or the like. Although referred to herein as“workstations,” management workstations 205 may include one or morecomputers, laptops, mobile devices, tablets, and/or other types ofdevices or systems. Additionally, or alternatively, SOS 203 may receiveautomated commands generated using one or more artificialintelligence/machine learning (“AI/ML”) techniques or other automatedtechniques.

As described herein, different users or management workstations 205 maybe associated with different access parameters, which may include accessto different tiers of wireless network 201 and/or access to particularslices 101, networks 103 and/or 105, and/or NFs 107 of wireless network201. For example, a given user or management workstation 205 may beassociated with “tier 1” access, such that the given user or managementworkstation 205 may be authorized to generate, delete, modify, etc. oneor more slices 101. Another user or management workstation 205 may beassociated with “tier 2” access, such that the user or managementworkstation 205 may be authorized to generate, delete, modify, etc. oneor more RANs 103 and/or core networks 105 that are associated with oneor more particular slices 101. Another user or management workstation205 may be associated with “tier 3” access, such that the user ormanagement workstation 205 may be authorized to generate, delete,modify, etc. one or more NFs 107 that are associated with one or moreparticular RANs 103 and/or core networks 105.

In some embodiments, a “higher” tier level of access may “inherit” orotherwise include access to “lower” tiers. For example, a “tier 1” levelof access associated with slice 101-1 may allow for the modification ofslice 101-1, including modifying service parameters of slice 101-1(e.g., QoS parameters, UE access control parameters, etc.) as well asservice parameters of RAN 103-1 (e.g., RAT and/or other RAN parameters)and/or core network 105-1 (e.g., core network technology or other corenetwork parameters). As another example, the “tier 1” level of accessmay also allow for the addition or deletion of one or more RANs 103and/or core networks 105 to and/or from slice 101-1. Further, the “tier1” level of access associated with slice 101 may further allow for themodification of service parameters associated with NFs 107-1 through107-6, which are respectively associated with RAN 103-1 and core network106-1.

On the other hand, in some embodiments, a “lower” tier level of accessmay not include access to “higher” tiers. For example, a “tier 3” levelof access with respect to slice 101-1 (and/or a RAN 103, core network105, or NF 107 thereof) may include access to one or more NFs 107 ofslice 101, but may not allow for access to modify, add, delete, etc.RANs 103 and/or core networks 105 from slice 101. In some embodiments,the access to a given NF 107 may include access to perform operationssuch as “healing” a given NF 107, modifying NF 107 parameters, scalingNF 107 (e.g., adding or deleting instances of the same NF 107), and/orother suitable operations. In some embodiments, a “tier 3” level ofaccess may not include the capability to add or delete an NF 107 from agiven RAN 103 or core network 105, while a “tier 1” or “tier 2” level ofaccess may allow access to add or delete an NF 107 from a given RAN 103or core network 105. In some embodiments, on the other hand, certainusers may be authorized to access only specific tiers, such as a userthat has “tier 1” access but not “tier 2” or “tier 3” access.

In some embodiments, SOS 203 may include and/or may be communicativelycoupled to User Access Control Repository (“UACR”) 207, which mayspecify tiers of particular users, groups, management workstations 205,etc. Further, SOS 203 may include and/or may be communicatively coupledto NF Policy Repository (“NPR”) 209, which may specify rules, policies,etc. associated with one or more NFs 107. In some embodiments, anadministrator of wireless network 201, a “tier 1” user, and/or someother suitable source may specify which users are associated with whichportions of network 201, and may further specify rules and/or policiesassociated with particular NFs 107 that are automatically enforced,configured, etc. when a given NF 107 is instantiated, installed, etc. atwireless network 201.

For example, in some embodiments, management workstation 205 may presenta “drag-and-drop” graphical user interface (“GUI”) that allows a givenuser to configure, plan, design, etc. one or more portions of wirelessnetwork 201. As discussed below, SOS 203 may identify one or more slices101 and/or tiers associated with a given user accessing a particularmanagement workstation 205, and may identify NFs 107, RANs 103, corenetworks 105, and/or slices 101 that the given user is authorized toaccess, configure, etc. The user may, via the drag-and-drop interface,associate one or more NFs 107 with a given RAN 103 or core network 105,and/or may associate one or more RANs 103 and/or core networks 105 witha given slice 101. The user may also, via the GUI, make one or morechanges, view status updates, generate or modify rules and/or policies,and/or perform one or more other operations with respect to a given NF107, RAN 103, core network 105, and/or slice 101 that the user isauthorized to access.

In the examples provided herein, access control is discussed in thecontext of a “user.” In practice, tiers or other access parameters maybe associated with management workstations 205 and/or other types ofdevices, groups, etc. In this manner, access to particular portions ofwireless network 201 may be controlled in a granular and secure fashion,as users without sufficient access may not be able to make changes tothe network that have unintended or unforeseen consequences to otherportions of wireless network 201. Further, as discussed below, userswith higher tiers of access (e.g., an administrator associated withwireless network 201, where such administrator may have “tier 1” access)may be able to specify rules, polices, etc. that may be automaticallyincorporated when a user with a lower tier configures a given RAN 103,core network 105, and/or NF 107. As such, the higher tier users maymaintain “end-to-end” control of wireless network 201, without needingto specify or maintain lower tier functionality.

FIG. 3A illustrates an example data structure 301 that may be maintainedby UACR 207, specifying particular users along with tiers of access andslices with which such users are associated. For example, as shown,example User_A may be associated with tiers 1, 2, and 3. For example, asdiscussed above, some embodiments may provide for access only to tiersexplicitly indicated as associated with a given user. In otherembodiments, as also discussed above, a higher tier may “inherit” accessto lower tiers. As further shown here, User_B may have access to tiers 2and 3 (e.g., RAN 103 and/or core network 105, but not slice 101), andUser_C may have access to tier 3 (e.g., NFs 107). As further shown, datastructure 301 may indicate one or more slices with which a given user isassociated. For example, User_A, User_B, and User_D are associated withSlice_A. Additionally, User_C and User_D are associated with Slice_B(e.g., User_D has access to both Slice_A and Slice_B), and User_E isassociated with Slice_C.

FIG. 3B illustrates an example data structure 303 that may indicatepolicies and/or other tags associated with one or more slices 101. Forexample, as discussed above, one or more users (e.g., tier 1 users orother users, such as an administrator, operator, etc. of wirelessnetwork 201) may configure one or more slices 101 to include a set oftags, capabilities, and/or policies. As discussed here, a “tag” mayinclude, may refer to, and/or may otherwise be associated with a set ofcapabilities, policies, and/or other parameters. Additionally, oralternatively, in some embodiments, a “tag” may be used to indicatewhich slices 101, RANs 103, core networks 105, and/or NFs 107 arepermitted to be used together and/or which slices 101, RANs 103, corenetworks 105, and/or NFs 107 are not permitted to be used together. Insome embodiments, the “tags” shown in data structure 303 may be based onand/or may include identifiers or parameters associated with givenslices 101. Such identifiers or parameters may include a Slice ServiceType (“SST”) value, a Slice Differentiator (“SD”) value, or othersuitable identifier or parameter.

As shown, for example, Slice_A may be associated with a “voice” tag.This tag may indicate that a given slice 101 (e.g., referred to as“Slice_A”) may have the capability to be used for voice call services,and/or that a set of policies, rules, etc. associated with providingvoice call services may be associated with Slice_A. For example, Slice Amay be associated with a particular QoS level that is associated withvoice services, one or more RANs 103 associated with Slice_A may berequired (e.g., via one or more policies) to implement a particular RATthat supports voice services, Slice_A may be associated with a rule orconstraint that requires one or more georedundant NFs 107 in order toprovide reliable voice services, etc.

As another example, Slice_B may be associated with a “data” tag and a“low latency” tag. For example, Slice B may be associated with aparticular QoS level that is associated with data services and alsoprovides low latency (e.g., a maximum threshold latency or lower), maybe associated with one or more Multi-Access/Mobile Edge Computing(“MEC”) devices, referred to sometimes herein simply as a “MECs” (e.g.,in order to provide low-latency services), and/or other rules orpolicies associated with providing low-latency data services. As anotherexample, Slice_C may be associated with a “data” tag but not a “lowlatency” tag. As such, Slice_C may have fewer polices, constraints, etc.than Slice_B (e.g., policies, constraints, etc. relating to low latencyservices). Slice_D may be associated with a “streaming” tag, which maybe associated with a QoS level related to providing streaming services,a policy or rule that Slice_D must include one or more Content DeliveryNetworks (“CDNs”) within particular geographical regions, etc. Slice_Emay be associated with “data” and “content filter” tags. The “contentfilter” tag may be associated with one or more rules, policies, etc.that enable content filtering at Slice_E, such as the inclusion of oneor more NFs 107 that perform content filtering.

While an example of particular tags and slices is provided with respectto data structure 303, in practice, NPR 209 may maintain additionalinformation and/or differently formatted information in order to storetags, rules, policies, etc. associated with one or more slices. In someembodiments, the information included in data structure 303 may bespecified via a given management workstation 205, such as a managementworkstation 205 associated with an owner and/or operator of wirelessnetwork 201, a tier 1 user, and/or some other suitable user or device.

FIG. 3C illustrates example data structure 305 that may include tagsand/or policies associated with one or more RANs 103. In someembodiments, similar tags and/or policies may be used for core networks105. As shown, for example, data structure 305 may include “5G” and“data” tags for a first RAN 103 (RAN_A). For example, RAN_A mayimplement a 5G RAT, and may implement or include rules and/or policiesassociated with data services (e.g., QoS policies, georedundancypolicies, or the like). For example, a given slice 101 that includes a“data” tag, such as Slice_B may require that any RANs 103 that areplaced in the slice 101 must include a “data” tag. In this manner, anend-to-end user associated with slice 101 may be able to enforcepolicies that provide an end-to-end measure of performance, reliability,etc. without needing to specify particular parameters of networks103/105 or NFs 107 associated with slice 101.

Similarly, RAN_B may be associated with a “5G” tag and a “low latency”tag, RAN_C may be associated with “LTE” and “voice” tags, RAN_D may beassociated with an “LTE” tag, and RAN_E may be associated with “LTE” and“data” tags. In some embodiments, the information included in datastructure 305 may be specified via a given management workstation 205,such as a management workstation 205 associated with an owner and/oroperator of wireless network 201, a tier 2 user, and/or some othersuitable user or device. In some embodiments, as discussed above, a tier1 user may also have access to configure some or all of the informationstored in data structure 305, in embodiments where higher tier users“inherit” access privileges associated with lower tiers.

FIG. 3D illustrates example data structure 307 that may include tagsand/or policies associated with one or more NFs 107. As discussed above,NFs 107 may include different types of NFs, such as one or more UPFs,AMFs, MMEs, etc. As similarly discussed above, certain NFs 107 may havecertain set of capabilities and/or parameters, such as the capability tosupport a content filter, georedundant capabilities or requirements(e.g., the placing of one instance of a given NF 107 in wireless network102, such as via a drag-and-drop operation in a GUI) may require and/ormay automatically cause the placement of another instance of the same NF107 in a geographically diverse location in wireless network 102. Inthis manner, via one drag-and-drop operation, a user may place orconfigure multiple instances of a given NF 107 in geographically diverseregions, thus enforcing a georedundancy parameter specified with respectto the given NF 107.

FIG. 4A illustrates an example of an automatic providing ofconfiguration options to a given user based on a tier and/or otheraccess parameters associated with the given user. As shown, SOS 203 mayreceive (at 402) a login and/or authentication request from a particularmanagement workstation 205 associated with the user. For example,management workstation 205 may implement an application, API, a GUI,etc., via which management workstation 205 may output (at 402) therequest to SOS 203. In some embodiments, the request may be providedbased on a command, instruction, selection, etc. from a user associatedwith management workstation 205. For example, the user may desire toutilize a GUI provided by management workstation 205 to modify portionsof a particular wireless network 201, such as one or more slices 101,RANs 103, core networks 105, and/or NFs 107.

As noted above, some users or management workstations 205 may beassociated with different tiers, access levels, etc. SOS 203 mayauthenticate the user and/or management workstation 205 by communicatingwith UACR 207. For example, the request (at 402) may includeauthentication credentials such as a password, an authentication token,or some other suitable type of authentication mechanism. UACR 207 maymaintain information that can be used (e.g., by UACR 207 and/or by SOS203) to identify or authenticate a particular user or managementworkstation 205. As also discussed above, UACR 207 may maintaininformation indicating one or more slices 101 with which the user isassociated, one or more tiers with which the user is associated, etc.

SOS 203 may also identify (at 406) one or more RANs 103, core networks105, and/or NFs 107 with which the user is associated based oninformation maintained or provided by NPR 209. For example, SOS 203 mayidentify (at 404) that the user is associated with a given slice 101,and may identify tags, policies, etc. associated with the given slice101 based on information maintained by UACR 207. SOS 203 may identifyRANs 103, core networks 105, and/or NFs 107 that have tags thatcorrespond to tags and/or policies associated with the given slice 101.For example, if the given slice 101 is associated with a “low latency”tag, SOS 203 may identify (at 406) a set of RANs 103, core networks 105,and/or NFs 107 that are also associated with the “low latency” tag.

SOS 203 may indicate (at 408) one or more slices 101, RANs 103, corenetworks 105, and/or NFs 107 that were identified (at 404 and/or 406) asbeing associated with the user and/or management workstation 205.Management workstation 205 may present management interface 401, whichmay include a GUI or other type of user interface, indicating the slices101, RANs 103, core networks 105, and/or NFs 107 that were identified(at 404 and/or 406) as being associated with the user and/or managementworkstation 205. Management interface 401 may, in some embodiments, notinclude slices 101, RANs 103, core networks 105, and/or NFs 107 thatwere not identified (at 404 and/or 406) as being associated with theuser and/or management workstation 205. In this manner, the user mayonly be presented with options to add, delete, modify, etc. portions ofwireless network 201 that the user is authorized to perform operationson. In some embodiments, one or more slices 101, RANs 103, core networks105, and/or NFs 107 that were not identified (at 404 and/or 406) asbeing associated with the user and/or management workstation 205 may bepresented via management interface 401, with an indication that suchportions of wireless network 201 are not editable or modifiable by theuser. In this manner, the user may be presented with a full view ofwireless network 201 to assist with performing operations on portions ofthe wireless network 201 that the user is authorized to performoperations on (e.g., where such modifications include adding, deleting,modifying configuration information, etc.).

As discussed above, management interface 401 may present drag-and-dropoptions via which the user may add NFs 107 to a given RAN 103, corenetwork 105, and/or slice 101. Additionally, or alternatively,management interface 401 may present drag-and-drop options via which theuser may add RANs 103 and/or core networks 105 to a given slice 101(e.g., assuming the user is associated with the appropriate tier and/oraccess level to do so). In some embodiments, management interface 401may present options (e.g., graphical and/or otherwise selectableoptions) to perform one or more other operations, such as modifying tagsand/or policies associated with a given slice 101, RAN 103, core network105, and/or NF 107 (e.g., assuming the appropriate tier and/or accesslevel).

As shown in FIG. 4B, management workstation 205 may output (at 410)configuration information received via management interface 401, whichmay include an addition of one or more slices 101, RANs 103, corenetworks 105, and/or NFs 107 to wireless network 201; a removal of oneor more slices 101, RANs 103, core networks 105, and/or NFs 107 fromwireless network 201; and/or modification of one or more parametersassociated with one or more slices 101, RANs 103, core networks 105,and/or NFs 107 of wireless network 201. In some embodiments,configuration information may include information modifying access toone or more slices 101, RANs 103, core networks 105, and/or networks 107(e.g., a user associated with a higher tier may modify accesspermissions associated with a lower tier). SOS 203 may, in someembodiments, identify (412) one or more tags and/or policies associatedwith the received configuration information. For example, NPR 209 mayidentify one or more additional NFs 107 to place in one or more RANs 103and/or core networks 105 based on a placement of a particular NF 107 ina particular RAN 103 or core network 105. Such additional NF 107 may beplaced based on, for example, a “georedundant” tag associated with NF107, indicating that if one instance of the NF 107 is added to wirelessnetwork 201, then one or more other instances of the same NF 107 will beadded to the wireless network 201 at one or more different geographicallocations.

As another example, a tag or policy associated with a first NF 107 mayspecify that one or more other NFs 107 of a different type are requiredto be added when the first NF 107 is added to wireless network 201. Forexample, if a particular core network 105 has an “EPC/5GC hybrid” tag,the addition of an EPC NF by a user (e.g., via management interface401), such as a PGW, may cause a corresponding 5GC NF (e.g., a UPF) tobe automatically added without an explicit command or instruction fromthe user to add the 5GC NF.

As yet another example, a tag or policy associated with a particular RAN103 may indicate that the particular RAN 103 is a 5G RAN. This tag orpolicy may indicate a threshold quantity (e.g., at least one, at leastten, etc.) of Next Generation Node Bs (“gNBs”) are required for theparticular RAN 103, and that a configuration or modification of theparticular RAN 103 that results in fewer than the threshold quantity ofgNBs is not permitted. In such a situation, SOS 203 may indicate anerror to management workstation 205, based on which managementworkstation 205 may indicate (e.g., via management interface 401) thatone or more further modifications are required.

In some embodiments, SOS 203 may modify (at 414) one or more policiesand/or tags based on received configuration information. For example,the configuration information may include the modification, addition, ordeletion of tags and/or policies associated with one or more slices 101,RANs 103, core networks 105, and/or NFs 107. For example, the user maybe associated with a tier and/or access level that allows the user tomake such modifications, additions, and/or deletions of such tags and/orpolicies. On the other hand, users without such authorization may beable to view such tags and/or policies, but may not be provided with theoption to make modifications to such tags and/or policies.

SOS 203 may further modify (at 416) a configuration of wireless network201 based on the received (at 410) configuration parameters and theidentified (at 412) policies and/or tags associated with the receivedconfiguration parameters. For example, SOS 203 may provision,instantiate, etc. one or more NFs 107 on one or more devices or systemsof a containerized environment (or other suitable type of environment orplatform) based on the addition of one or more slices 101, RANs 103,core networks 105, and/or NFs 107 via management workstation 205. Insome embodiments, when one or more RANs 103, core networks 105, and/orslices 101 are added, SOS 203 may further configure routing parameters,associations between NFs 107, configure identifiers (e.g., sliceidentifiers, Access Point Names (“APNs”), etc.), and/or perform otheroperations to associate NFs 107 and/or groups of NFs 107 with a givenslice 101, RAN 103, and/or core network 105.

FIG. 5 illustrates an example process 500 for configuring wirelessnetwork 201 based on configuration parameters provided by a userassociated with a particular access level (e.g., via managementworkstation 205), in accordance with some embodiments. In someembodiments, some or all of process 500 may be performed by SOS 203. Insome embodiments, one or more other devices may perform some or all ofprocess 500 in concert with, and/or in lieu of, SOS 203.

As shown, process 500 may include receiving (at 502) configurationinformation specifying user access control and/or network policyinformation. For example, SOS 203 may receive, maintain, etc. suchinformation from UACR 207 and/or NPR 209. As noted above, in someembodiments, UACR 207 and/or NPR 209 may receive manual updates toinformation maintained by UACR 207 and/or NPR 209 (e.g., from SOS 203 orsome other device or system), and/or may automatically update and/orrefine such information using artificial intelligence/machine learning(“AI/ML”) techniques or other suitable techniques. In some embodiments,SOS 203 may receive such information from UACR 207 and/or NPR 209 on aperiodic or intermittent basis, a trigger-based basis, an ongoing basis,and/or on some other basis.

Process 500 may further include receiving (at 504) an authenticationrequest from management system, such as management workstation 205 orsome other suitable device or system. For example, SOS 203 may receivean authentication request that includes authentication credentials, anidentifier of a particular user, and/or other suitable information. Insome embodiments, SOS 203 may authenticate management workstation 205and/or the user based on authentication information provided by UACR 207and/or some other device or system.

Process 500 may additionally include determining (at 506) an accesslevel associated with the authentication request. For example, SOS 203may, based on user access information provided by UACR 207, identify atier associated with the user.

Process 500 may also include selecting (at 508) particular portions ofwireless network 201 based on the determined access level and thereceived network policy information. For example, SOS 203 may identifyone or more network slices 101, RANs 103, core networks 105, and/or NFs107 with which the user is associated (e.g., authorized to and/or haspermission to access, view, add, delete, modify, etc.). As noted above,for example, a user may be associated with a particular tier (e.g., tier3 in the examples provided above) related to modifying parametersassociated with NFs 107, but not for slices 101, RANs 103, or corenetworks 105. In such scenarios, SOS 203 may identify NFs 107 that areassociated with a slice 101, RAN 103, and/or core network 105 with whichthe user is associated (e.g., as indicated by UACR 207). For example,some slices 101, RANs 103, and/or core networks 105 may have beenconfigured prior to the authentication request from the user associatedwith management workstation 205. As such one or more NFs 107 may havebeen configured with a slice identifier, a RAN identifier, a corenetwork identifier, and/or some other information associating a given NF107 with a given slice 101, RAN 103, and/or core network 105. Further,as discussed above, one or more slices 101, RANs 103, and/or corenetworks 105 may be associated with one or more tags that indicate oneor more policies, constraints, attributes, etc. associated with suchslices 101, RANs 103, and/or core networks 105. If SOS 203 identifiesthat the user is associated with a particular slice 101, RAN 103, and/orcore network 105, SOS 203 may further identify particular NFs 107 withtags that are associated with corresponding to (e.g., matching, orcorresponding based on one or more rules) tags associated with the witha particular slice 101, RAN 103, and/or core network 105.

Process 500 may further include providing (at 510), to the managementsystem, configuration information associated with the particular portionof the wireless network. For example, SOS 203 may provide informationindicating a previously configured slice 101, RAN 103, and/or corenetwork 105 with which the user is associated. Additionally, oralternatively, SOS 203 may provide information indicating that the useris authorized to add a new slice 101, a new RAN 103, and/or a new corenetwork 105 to a given geographical area and/or logical partition ofnetwork 201. In some embodiments, SOS 203 may indicate a particular setof NFs 107 that are eligible to be added to one or more slices 101, RANs103, and/or core networks 105 based on the user access level (e.g.,based on a tier of the user and/or based on which particular slices 101,RANs 103, and/or core networks 105 the user is authorized to access ormodify). The set of eligible NFs 107 may be a subset of all possible NFs107 for which NPR 209 provides policy information, as not necessarilyall of the available NFs 107 may meet the policies associated with theparticular slices 101, RANs 103, and/or core networks 105 that the useris authorized to access or modify.

Process 500 may additionally include receiving (at 512), from themanagement system, configuration information associated with theparticular portion of the wireless network. For example, as discussedabove, SOS 203 may receive configuration information that specifiesmodified parameters for a given slice 101, RAN 103, core network 105,and/or one or more NFs 107 associated therewith (e.g., based on the useraccess level).

Process 500 may also include identifying (at 514), based on the networkpolicy information, additional operations to perform for the particularportion of wireless network 201 in response to the receivedconfiguration information. For example, as discussed above, SOS 203 mayidentify that a particular NF 107 for which configuration informationhas been received includes a georedundancy parameter, based on which SOS203 may determine that at least a second instance of the particular NF107 should be placed in the particular slice 101, RAN 103, and/or corenetwork 105 when receiving an indication that the particular NF 107should be added. As another example, SOS 203 may determine that an NF107 of a second type should be added based on the addition ormodification of the particular NF 107 (e.g., to satisfy one or morepolicies associated with the particular NF 107, and/or with theparticular slice 101, RAN 103, and/or core network 105).

Process 500 may further include performing (at 516) one or moremodifications to wireless network 201 based on the receivedconfiguration information and the identified additional operations. Forexample, SOS 203 may provision, instantiate, modify, configure, etc. oneor more virtual machines, containers, cloud computing systems, etc. toimplement the configuration information and/or additional operations. Asdiscussed above, such operations may include instantiating one or moreNFs 107 in wireless network 201, removing one or more NFs 107 fromwireless network 201, modifying parameters of one or more NFs 107 inwireless network 201, and/or other suitable operations. The additionaloperations may include operations not specifically requested by the userand/or not specifically indicated in the received (at 512) configurationinformation. In this manner, policies, rules, constraints, etc. that areconfigured by a tier 1 or tier 2 user (e.g., an end-to-endadministrator, a slice administrator, a RAN administrator, a corenetwork administrator, etc.) may be enforced during the design and/orconfiguration of particular RANs 103, core networks 105, and/or slices101 by a lower tier user. As such, policy enforcement and/orimplementation across large and/or diverse networks with varying typesof NFs 107 may be provided in accordance with some embodiments.

FIG. 6 illustrates an example environment 600, in which one or moreembodiments may be implemented. In some embodiments, some or all ofenvironment 600 may include, may be implemented by, may becommunicatively coupled to, and/or may be included in one or morewireless networks 201. In some embodiments, environment 600 representsdevices, systems, NFs 107, etc. associated with a given slice 101.

In some embodiments, environment 600 may correspond to a FifthGeneration (“5G”) network, and/or may include elements of a 5G network.In some embodiments, environment 600 may correspond to a 5G NSAarchitecture, in which a 5G RAT may be used in conjunction with one ormore other RATs (e.g., an LTE RAT), and/or in which elements of a 5Gcore network may be implemented by, may be communicatively coupled with,and/or may include elements of another type of core network (e.g., anEPC). As shown, environment 600 may include UE 601, RAN 610 (which mayinclude one or more gNBs 611), RAN 612 (which may include one or moreevolved Node Bs (“eNBs”) 613), and various network functions such as AMF615, MME 616, Serving Gateway (“SGW”) 617, Session Management Function(“SMF”)/PGW-Control plane function (“PGW-C”) 620, Policy ControlFunction (“PCF”)/Policy Charging and Rules Function (“PCRF”) 625,Application Function (“AF”) 630, UPF/PGW-User plane function (“PGW-U”)635, Home Subscriber Server (“HSS”)/Unified Data Management (“UDM”) 640,and Authentication Server Function (“AUSF”) 645. Environment 600 mayalso include one or more networks, such as Data Network (“DN”) 650.Environment 600 may include one or more additional devices or systemscommunicatively coupled to one or more networks (e.g., DN 650), such asmanagement workstation 205, UACR 207, and/or NPR 209, which may performone or more operations described above.

The example shown in FIG. 6 illustrates one instance of each networkcomponent or function (e.g., one instance of SMF/PGW-C 620, PCF/PCRF625, UPF/PGW-U 635, HSS/UDM 640, and/or AUSF 645). In practice,environment 600 may include multiple instances of such components orfunctions. For example, in some embodiments, environment 600 may includemultiple “slices” of a core network, where each slice includes adiscrete set of network functions (e.g., one slice may include a firstinstance of SMF/PGW-C 620, PCF/PCRF 625, UPF/PGW-U 635, HSS/UDM 640,and/or AUSF 645, while another slice may include a second instance ofSMF/PGW-C 620, PCF/PCRF 625, UPF/PGW-U 635, HSS/UDM 640, and/or AUSF645). The different slices may provide differentiated levels of service,such as service in accordance with different Quality of Service (“QoS”)parameters.

The quantity of devices and/or networks, illustrated in FIG. 6 , isprovided for explanatory purposes only. In practice, environment 600 mayinclude additional devices and/or networks, fewer devices and/ornetworks, different devices and/or networks, or differently arrangeddevices and/or networks than illustrated in FIG. 6 . For example, whilenot shown, environment 600 may include devices that facilitate or enablecommunication between various components shown in environment 600, suchas routers, modems, gateways, switches, hubs, etc. Alternatively, oradditionally, one or more of the devices of environment 600 may performone or more network functions described as being performed by anotherone or more of the devices of environment 600. Devices of environment600 may interconnect with each other and/or other devices via wiredconnections, wireless connections, or a combination of wired andwireless connections. In some implementations, one or more devices ofenvironment 600 may be physically integrated in, and/or may bephysically attached to, one or more other devices of environment 600.

UE 601 may include a computation and communication device, such as awireless mobile communication device that is capable of communicatingwith RAN 610, RAN 612, and/or DN 650. UE 601 may be, or may include, aradiotelephone, a personal communications system (“PCS”) terminal (e.g.,a device that combines a cellular radiotelephone with data processingand data communications capabilities), a personal digital assistant(“PDA”) (e.g., a device that may include a radiotelephone, a pager,Internet/intranet access, etc.), a smart phone, a laptop computer, atablet computer, a camera, a personal gaming system, an IoT device(e.g., a sensor, a smart home appliance, or the like), a wearabledevice, an Internet of Things (“IoT”) device, a Machine-to-Machine(“M2M”) device, or another type of mobile computation and communicationdevice. UE 601 may send traffic to and/or receive traffic (e.g., userplane traffic) from DN 650 via RAN 610, RAN 612, and/or UPF/PGW-U 635.In some embodiments, UE 601 may include, may implement, may becommunicatively coupled to, and/or may be included in one or moreinstances of management workstation 205.

RAN 610 may be, or may include, a 5G RAN that includes one or more basestations (e.g., one or more gNBs 611), via which UE 601 may communicatewith one or more other elements of environment 600. UE 601 maycommunicate with RAN 610 via an air interface (e.g., as provided by gNB611). For instance, RAN 610 may receive traffic (e.g., voice calltraffic, data traffic, messaging traffic, signaling traffic, etc.) fromUE 601 via the air interface, and may communicate the traffic toUPF/PGW-U 635, and/or one or more other devices or networks. Similarly,RAN 610 may receive traffic intended for UE 601 (e.g., from UPF/PGW-U635, AMF 615, and/or one or more other devices or networks) and maycommunicate the traffic to UE 601 via the air interface.

RAN 612 may be, or may include, a LTE RAN that includes one or more basestations (e.g., one or more eNBs 613), via which UE 601 may communicatewith one or more other elements of environment 600. UE 601 maycommunicate with RAN 612 via an air interface (e.g., as provided by eNB613). For instance, RAN 610 may receive traffic (e.g., voice calltraffic, data traffic, messaging traffic, signaling traffic, etc.) fromUE 601 via the air interface, and may communicate the traffic toUPF/PGW-U 635, and/or one or more other devices or networks. Similarly,RAN 610 may receive traffic intended for UE 601 (e.g., from UPF/PGW-U635, SGW 617, and/or one or more other devices or networks) and maycommunicate the traffic to UE 601 via the air interface.

AMF 615 may include one or more devices, systems, Virtualized NetworkFunctions (“VNFs”), Cloud-native Network Functions (“CNFs”), etc., thatperform operations to register UE 601 with the 5G network, to establishbearer channels associated with a session with UE 601, to hand off UE601 from the 5G network to another network, to hand off UE 601 from theother network to the 5G network, manage mobility of UE 601 between RANs610 and/or gNBs 611, and/or to perform other operations. In someembodiments, the 5G network may include multiple AMFs 615, whichcommunicate with each other via the N14 interface (denoted in FIG. 6 bythe line marked “N14” originating and terminating at AMF 615).

MME 616 may include one or more devices, systems, VNFs, CNFs, etc., thatperform operations to register UE 601 with the EPC, to establish bearerchannels associated with a session with UE 601, to hand off UE 601 fromthe EPC to another network, to hand off UE 601 from another network tothe EPC, manage mobility of UE 601 between RANs 612 and/or eNBs 613,and/or to perform other operations.

SGW 617 may include one or more devices, systems, VNFs, etc., thataggregate traffic received from one or more eNBs 613 and send theaggregated traffic to an external network or device via UPF/PGW-U 635.Additionally, SGW 617 may aggregate traffic received from one or moreUPF/PGW-Us 635 and may send the aggregated traffic to one or more eNBs613. SGW 617 may operate as an anchor for the user plane duringinter-eNB handovers and as an anchor for mobility between differenttelecommunication networks or RANs (e.g., RANs 610 and 612).

SMF/PGW-C 620 may include one or more devices, systems, VNFs, CNFs,etc., that gather, process, store, and/or provide information in amanner described herein. SMF/PGW-C 620 may, for example, facilitate theestablishment of communication sessions on behalf of UE 601. In someembodiments, the establishment of communications sessions may beperformed in accordance with one or more policies provided by PCF/PCRF625.

PCF/PCRF 625 may include one or more devices, systems, VNFs, CNFs, etc.,that aggregate information to and from the 5G network and/or othersources. PCF/PCRF 625 may receive information regarding policies and/orsubscriptions from one or more sources, such as subscriber databasesand/or from one or more users (such as, for example, an administratorassociated with PCF/PCRF 625).

AF 630 may include one or more devices, systems, VNFs, CNFs, etc., thatreceive, store, and/or provide information that may be used indetermining parameters (e.g., quality of service parameters, chargingparameters, or the like) for certain applications.

UPF/PGW-U 635 may include one or more devices, systems, VNFs, CNFs,etc., that receive, store, and/or provide data (e.g., user plane data).For example, UPF/PGW-U 635 may receive user plane data (e.g., voice calltraffic, data traffic, etc.), destined for UE 601, from DN 650, and mayforward the user plane data toward UE 601 (e.g., via RAN 610, SMF/PGW-C620, and/or one or more other devices). In some embodiments, multipleUPFs 635 may be deployed (e.g., in different geographical locations),and the delivery of content to UE 601 may be coordinated via the N9interface (e.g., as denoted in FIG. 6 by the line marked “N9”originating and terminating at UPF/PGW-U 635). Similarly, UPF/PGW-U 635may receive traffic from UE 601 (e.g., via RAN 610, SMF/PGW-C 620,and/or one or more other devices), and may forward the traffic toward DN650. In some embodiments, UPF/PGW-U 635 may communicate (e.g., via theN4 interface) with SMF/PGW-C 620, regarding user plane data processed byUPF/PGW-U 635.

HSS/UDM 640 and AUSF 645 may include one or more devices, systems, VNFs,CNFs, etc., that manage, update, and/or store, in one or more memorydevices associated with AUSF 645 and/or HSS/UDM 640, profile informationassociated with a subscriber. AUSF 645 and/or HSS/UDM 640 may performauthentication, authorization, and/or accounting operations associatedwith the subscriber and/or a communication session with UE 601. In someembodiments, HSS/UDM 640 may implement, may be implemented by, mayinclude, may be communicatively coupled to, and/or may otherwise beassociated with UACR 207 and/or NPR 209.

DN 650 may include one or more wired and/or wireless networks. Forexample, DN 650 may include an Internet Protocol (“IP”)-based PDN, awide area network (“WAN”) such as the Internet, a private enterprisenetwork, and/or one or more other networks. UE 601 may communicate,through DN 650, with data servers, other UEs 601, and/or to otherservers or applications that are coupled to DN 650. DN 650 may beconnected to one or more other networks, such as a public switchedtelephone network (“PSTN”), a public land mobile network (“PLMN”),and/or another network. DN 650 may be connected to one or more devices,such as content providers, applications, web servers, and/or otherdevices, with which UE 601 may communicate.

FIG. 7 illustrates an example Distributed Unit (“DU”) network 700, whichmay be included in and/or implemented by one or more RANs (e.g., RAN610, RAN 612, or some other RAN). In some embodiments, a particular RANmay include one DU network 700. In some embodiments, a particular RANmay include multiple DU networks 700. In some embodiments, DU network700 may correspond to a particular gNB 611 of a 5G RAN (e.g., RAN 610).In some embodiments, DU network 700 may correspond to multiple gNBs 611.In some embodiments, DU network 700 may correspond to one or more othertypes of base stations of one or more other types of RANs. As shown, DUnetwork 700 may include Central Unit (“CU”) 705, one or more DistributedUnits (“DUs”) 703-1 through 703-N (referred to individually as “DU 703,”or collectively as “DUs 703”), and one or more Radio Units (“RUs”) 701-1through 701-M (referred to individually as “RU 701,” or collectively as“RUs 701”).

CU 705 may communicate with a core of a wireless network (e.g., maycommunicate with one or more of the devices or systems described abovewith respect to FIG. 6 , such as AMF 615 and/or UPF/PGW-U 635). In theuplink direction (e.g., for traffic from UEs 601 to a core network), CU705 may aggregate traffic from DUs 703, and forward the aggregatedtraffic to the core network. In some embodiments, CU 705 may receivetraffic according to a given protocol (e.g., Radio Link Control (“RLC”))from DUs 703, and may perform higher-layer processing (e.g., mayaggregate/process RLC packets and generate Packet Data ConvergenceProtocol (“PDCP”) packets based on the RLC packets) on the trafficreceived from DUs 703.

In accordance with some embodiments, CU 705 may receive downlink traffic(e.g., traffic from the core network) for a particular UE 601, and maydetermine which DU(s) 703 should receive the downlink traffic. DU 703may include one or more devices that transmit traffic between a corenetwork (e.g., via CU 705) and UE 601 (e.g., via a respective RU 701).DU 703 may, for example, receive traffic from RU 701 at a first layer(e.g., physical (“PHY”) layer traffic, or lower PHY layer traffic), andmay process/aggregate the traffic to a second layer (e.g., upper PHYand/or RLC). DU 703 may receive traffic from CU 705 at the second layer,may process the traffic to the first layer, and provide the processedtraffic to a respective RU 701 for transmission to UE 601.

RU 701 may include hardware circuitry (e.g., one or more RFtransceivers, antennas, radios, and/or other suitable hardware) tocommunicate wirelessly (e.g., via an RF interface) with one or more UEs601, one or more other DUs 703 (e.g., via RUs 701 associated with DUs703), and/or any other suitable type of device. In the uplink direction,RU 701 may receive traffic from UE 601 and/or another DU 703 via the RFinterface and may provide the traffic to DU 703. In the downlinkdirection, RU 701 may receive traffic from DU 703, and may provide thetraffic to UE 601 and/or another DU 703.

RUs 701 may, in some embodiments, be communicatively coupled to one ormore Multi-Access/Mobile Edge Computing (“MEC”) devices, referred tosometimes herein simply as “MECs” 707. For example, RU 701-1 may becommunicatively coupled to MEC 707-1, RU 701-M may be communicativelycoupled to MEC 707-M, DU 703-1 may be communicatively coupled to MEC707-2, DU 703-N may be communicatively coupled to MEC 707-N, CU 705 maybe communicatively coupled to MEC 707-3, and so on. MECs 707 may includehardware resources (e.g., configurable or provisionable hardwareresources) that may be configured to provide services and/or otherwiseprocess traffic to and/or from UE 601, via a respective RU 701.

For example, RU 701-1 may route some traffic, from UE 601, to MEC 707-1instead of to a core network (e.g., via DU 703 and CU 705). MEC 707-1may process the traffic, perform one or more computations based on thereceived traffic, and may provide traffic to UE 601 via RU 701-1. Inthis manner, ultra-low latency services may be provided to UE 601, astraffic does not need to traverse DU 703, CU 705, and an interveningbackhaul network between DU network 700 and the core network. In someembodiments, MEC 707 may include, and/or may implement, some or all ofthe functionality described above with respect to SOS 203.

FIG. 8 illustrates example components of device 800. One or more of thedevices described above may include one or more devices 800. Device 800may include bus 810, processor 820, memory 830, input component 840,output component 850, and communication interface 860. In anotherimplementation, device 800 may include additional, fewer, different, ordifferently arranged components.

Bus 810 may include one or more communication paths that permitcommunication among the components of device 800. Processor 820 mayinclude a processor, microprocessor, or processing logic that mayinterpret and execute instructions. In some embodiments, processor 820may be or may include one or more hardware processors. Memory 830 mayinclude any type of dynamic storage device that may store informationand instructions for execution by processor 820, and/or any type ofnon-volatile storage device that may store information for use byprocessor 820.

Input component 840 may include a mechanism that permits an operator toinput information to device 800 and/or other receives or detects inputfrom a source external to 840, such as a touchpad, a touchscreen, akeyboard, a keypad, a button, a switch, a microphone or other audioinput component, etc. In some embodiments, input component 840 mayinclude, or may be communicatively coupled to, one or more sensors, suchas a motion sensor (e.g., which may be or may include a gyroscope,accelerometer, or the like), a location sensor (e.g., a GlobalPositioning System (“GPS”)-based location sensor or some other suitabletype of location sensor or location determination component), athermometer, a barometer, and/or some other type of sensor. Outputcomponent 850 may include a mechanism that outputs information to theoperator, such as a display, a speaker, one or more light emittingdiodes (“LEDs”), etc.

Communication interface 860 may include any transceiver-like mechanismthat enables device 800 to communicate with other devices and/orsystems. For example, communication interface 860 may include anEthernet interface, an optical interface, a coaxial interface, or thelike. Communication interface 860 may include a wireless communicationdevice, such as an infrared (“IR”) receiver, a Bluetooth® radio, or thelike. The wireless communication device may be coupled to an externaldevice, such as a remote control, a wireless keyboard, a mobiletelephone, etc. In some embodiments, device 800 may include more thanone communication interface 860. For instance, device 800 may include anoptical interface and an Ethernet interface.

Device 800 may perform certain operations relating to one or moreprocesses described above. Device 800 may perform these operations inresponse to processor 820 executing software instructions stored in acomputer-readable medium, such as memory 830. A computer-readable mediummay be defined as a non-transitory memory device. A memory device mayinclude space within a single physical memory device or spread acrossmultiple physical memory devices. The software instructions may be readinto memory 830 from another computer-readable medium or from anotherdevice. The software instructions stored in memory 830 may causeprocessor 820 to perform processes described herein. Alternatively,hardwired circuitry may be used in place of or in combination withsoftware instructions to implement processes described herein. Thus,implementations described herein are not limited to any specificcombination of hardware circuitry and software.

The foregoing description of implementations provides illustration anddescription, but is not intended to be exhaustive or to limit thepossible implementations to the precise form disclosed. Modificationsand variations are possible in light of the above disclosure or may beacquired from practice of the implementations.

For example, while series of blocks and/or signals have been describedabove (e.g., with regard to FIGS. 1-5 ), the order of the blocks and/orsignals may be modified in other implementations. Further, non-dependentblocks and/or signals may be performed in parallel. Additionally, whilethe figures have been described in the context of particular devicesperforming particular acts, in practice, one or more other devices mayperform some or all of these acts in lieu of, or in addition to, theabove-mentioned devices.

The actual software code or specialized control hardware used toimplement an embodiment is not limiting of the embodiment. Thus, theoperation and behavior of the embodiment has been described withoutreference to the specific software code, it being understood thatsoftware and control hardware may be designed based on the descriptionherein.

In the preceding specification, various example embodiments have beendescribed with reference to the accompanying drawings. It will, however,be evident that various modifications and changes may be made thereto,and additional embodiments may be implemented, without departing fromthe broader scope of the invention as set forth in the claims thatfollow. The specification and drawings are accordingly to be regarded inan illustrative rather than restrictive sense.

Even though particular combinations of features are recited in theclaims and/or disclosed in the specification, these combinations are notintended to limit the disclosure of the possible implementations. Infact, many of these features may be combined in ways not specificallyrecited in the claims and/or disclosed in the specification. Althougheach dependent claim listed below may directly depend on only one otherclaim, the disclosure of the possible implementations includes eachdependent claim in combination with every other claim in the claim set.

Further, while certain connections or devices are shown, in practice,additional, fewer, or different, connections or devices may be used.Furthermore, while various devices and networks are shown separately, inpractice, the functionality of multiple devices may be performed by asingle device, or the functionality of one device may be performed bymultiple devices. Further, multiple ones of the illustrated networks maybe included in a single network, or a particular network may includemultiple networks. Further, while some devices are shown ascommunicating with a network, some such devices may be incorporated, inwhole or in part, as a part of the network.

To the extent the aforementioned implementations collect, store, oremploy personal information of individuals, groups or other entities, itshould be understood that such information shall be used in accordancewith all applicable laws concerning protection of personal information.Additionally, the collection, storage, and use of such information canbe subject to consent of the individual to such activity, for example,through well known “opt-in” or “opt-out” processes as can be appropriatefor the situation and type of information. Storage and use of personalinformation can be in an appropriately secure manner reflective of thetype of information, for example, through various access control,encryption and anonymization techniques for particularly sensitiveinformation.

No element, act, or instruction used in the present application shouldbe construed as critical or essential unless explicitly described assuch. An instance of the use of the term “and,” as used herein, does notnecessarily preclude the interpretation that the phrase “and/or” wasintended in that instance. Similarly, an instance of the use of the term“or,” as used herein, does not necessarily preclude the interpretationthat the phrase “and/or” was intended in that instance. Also, as usedherein, the article “a” is intended to include one or more items, andmay be used interchangeably with the phrase “one or more.” Where onlyone item is intended, the terms “one,” “single,” “only,” or similarlanguage is used. Further, the phrase “based on” is intended to mean“based, at least in part, on” unless explicitly stated otherwise.

What is claimed is:
 1. A device, comprising: one or more processorsconfigured to: receive configuration information specifying a first setof tags associated with a first tier of a wireless network; receiveconfiguration information specifying a second set of tags associatedwith a second tier of a wireless network, wherein the second tier isassociated with a set of network functions (“NFs”) that are included inparticular portions of the wireless network that are associated with thefirst tier; receive an authentication request from a management system;determine that the authentication request is associated with the secondtier; select a subset of the set of NFs based on the set of tagsassociated with the first tier of the wireless network; provide, to themanagement system and based on determining that the management system isassociated with the second tier, one or more options to configure one ormore NFs of the selected subset of NFs; receive, from the managementsystem, configuration information associated with a particular NF of theselected subset of NFs; identify, based on the second set of tags, oneor more additional operations associated with the particular NF; andperform one or more modifications to the wireless network based on thereceived configuration information and the identified one or moreadditional operations associated with the particular NF.
 2. The deviceof claim 1, wherein the first tier is associated with at least one of anetwork slice, a radio access network (“RAN”), or a core network or thewireless network.
 3. The device of claim 1, wherein one or more tags ofthe first set of tags and the second set of tags are associated with oneor more particular network policies.
 4. The device of claim 1, whereinthe management system is a first management system, wherein theauthentication request is a first authentication request associated withthe first management system, wherein the one or more processors arefurther configured to: receive a second authentication requestassociated with a second management system; determine, based on thesecond authentication request, that the second management system isassociated with the first tier; and provide, to the second managementsystem and based on determining that the second management system isassociated with the first tier, one or more options to configure one ormore slices, radio access networks (“RANs”), or core networks of thewireless network.
 5. The device of claim 4, wherein the one or moreprocessors are further configured to: provide, to the second managementsystem and based on determining that the second management system isassociated with the first tier, one or more options to configure the oneor more NFs of the selected subset of NFs.
 6. The device of claim 1,wherein the particular NF is associated with a particular tag indicatinga georedundancy policy associated with the particular NF, wherein theone or more additional operations include instantiating at least two NFsof a same type as the particular NF, wherein performing the one or moremodifications to the wireless network include instantiating the at leasttwo NFs of the same type as the particular NF based on the georedundancypolicy.
 7. The device of claim 1, wherein the management system presentsone or more drag-and-drop options to add the selected subset of NFs tothe wireless network.
 8. A non-transitory computer-readable medium,storing a plurality of processor-executable instructions to: receiveconfiguration information specifying a first set of tags associated witha first tier of a wireless network; receive configuration informationspecifying a second set of tags associated with a second tier of awireless network, wherein the second tier is associated with a set ofnetwork functions (“NFs”) that are included in particular portions ofthe wireless network that are associated with the first tier; receive anauthentication request from a management system; determine that theauthentication request is associated with the second tier; select asubset of the set of NFs based on the set of tags associated with thefirst tier of the wireless network; provide, to the management systemand based on determining that the management system is associated withthe second tier, one or more options to configure one or more NFs of theselected subset of NFs; receive, from the management system,configuration information associated with a particular NF of theselected subset of NFs; identify, based on the second set of tags, oneor more additional operations associated with the particular NF; andperform one or more modifications to the wireless network based on thereceived configuration information and the identified one or moreadditional operations associated with the particular NF.
 9. Thenon-transitory computer-readable medium of claim 8, wherein the firsttier is associated with at least one of a network slice, a radio accessnetwork (“RAN”), or a core network or the wireless network.
 10. Thenon-transitory computer-readable medium of claim 8, wherein one or moretags of the first set of tags and the second set of tags are associatedwith one or more particular network policies.
 11. The non-transitorycomputer-readable medium of claim 8, wherein the management system is afirst management system, wherein the authentication request is a firstauthentication request associated with the first management system,wherein the plurality of processor-executable instructions furtherinclude processor-executable instructions to: receive a secondauthentication request associated with a second management system;determine, based on the second authentication request, that the secondmanagement system is associated with the first tier; and provide, to thesecond management system and based on determining that the secondmanagement system is associated with the first tier, one or more optionsto configure one or more slices, radio access networks (“RANs”), or corenetworks of the wireless network.
 12. The non-transitorycomputer-readable medium of claim 11, wherein the plurality ofprocessor-executable instructions further include processor-executableinstructions to: provide, to the second management system and based ondetermining that the second management system is associated with thefirst tier, one or more options to configure the one or more NFs of theselected subset of NFs.
 13. The non-transitory computer-readable mediumof claim 8, wherein the particular NF is associated with a particulartag indicating a georedundancy policy associated with the particular NF,wherein the one or more additional operations include instantiating atleast two NFs of a same type as the particular NF, wherein performingthe one or more modifications to the wireless network includeinstantiating the at least two NFs of the same type as the particular NFbased on the georedundancy policy.
 14. The non-transitorycomputer-readable medium of claim 8, wherein the management systempresents one or more drag-and-drop options to add the selected subset ofNFs to the wireless network.
 15. A method, comprising: receivingconfiguration information specifying a first set of tags associated witha first tier of a wireless network; receiving configuration informationspecifying a second set of tags associated with a second tier of awireless network, wherein the second tier is associated with a set ofnetwork functions (“NFs”) that are included in particular portions ofthe wireless network that are associated with the first tier; receivingan authentication request from a management system; determining that theauthentication request is associated with the second tier; selecting asubset of the set of NFs based on the set of tags associated with thefirst tier of the wireless network; providing, to the management systemand based on determining that the management system is associated withthe second tier, one or more options to configure one or more NFs of theselected subset of NFs; receiving, from the management system,configuration information associated with a particular NF of theselected subset of NFs; identifying, based on the second set of tags,one or more additional operations associated with the particular NF; andperforming one or more modifications to the wireless network based onthe received configuration information and the identified one or moreadditional operations associated with the particular NF.
 16. The methodof claim 15, wherein the first tier is associated with at least one of anetwork slice, a radio access network (“RAN”), or a core network or thewireless network.
 17. The method of claim 15, wherein one or more tagsof the first set of tags and the second set of tags are associated withone or more particular network policies.
 18. The method of claim 15,wherein the management system is a first management system, wherein theauthentication request is a first authentication request associated withthe first management system, the method further comprising: receiving asecond authentication request associated with a second managementsystem; determining, based on the second authentication request, thatthe second management system is associated with the first tier; andproviding, to the second management system and based on determining thatthe second management system is associated with the first tier: one ormore options to configure one or more slices, radio access networks(“RANs”), or core networks of the wireless network, and one or moreoptions to configure the one or more NFs of the selected subset of NFs.19. The method of claim 15, wherein the particular NF is associated witha particular tag indicating a georedundancy policy associated with theparticular NF, wherein the one or more additional operations includeinstantiating at least two NFs of a same type as the particular NF,wherein performing the one or more modifications to the wireless networkinclude instantiating the at least two NFs of the same type as theparticular NF based on the georedundancy policy.
 20. The method of claim15, wherein the management system presents one or more drag-and-dropoptions to add the selected subset of NFs to the wireless network.